CVEs-PoC/2020/CVE-2020-9362.md

### [CVE-2020-9362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9362)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.

### POC

#### Reference
- http://packetstormsecurity.com/files/156580/QuickHeal-Generic-Malformed-Archive-Bypass.html
- https://blog.zoller.lu/p/from-low-hanging-fruit-department_24.html
- https://blog.zoller.lu/p/tzo-20-2020-quickheal-malformed-archive.html

#### Github
No PoCs found on GitHub currently.